Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Solidity Deep Dive: New Opcode 'Prevrandao'- 1207

Markus - Injective, posted 2 years ago
  • When Ethereum moved from proof of work to proof of stake, it added some new functionality. One of these changes was the replacement of block.difficulty with block.prevrandao. Although the opcode itself is unchanged, the value it returns now has a different meaning.
  • The blockchain is completely deterministic, so randomness has had to come from off-chain sources such as Chainlink VRF. prevrandao is meant to be an on-chain source of randomness built from decentralized information. For each validator it is generated with the following steps:
    1. Sign over the current epoch number.
    2. Compute the hash of the signature.
    3. Calculate the new randomness as that hash XORed with the previous randomness.
  • Is this secure? That's a complicated question. The randomness is based on the signature data for the block, so you cannot directly choose it. However, a validator can choose not to sign in its slot, in which case the RANDAO update is simply skipped. So for each slot, an attacker who controls that slot's validator has a single bit of influence: sign the data or withhold the signature.
  • To use this securely, we need to pick a prevrandao from the future. According to the EIP-4399 specification, this should be 4 epochs into the future. The reason is that forcing users to commit to a guess early limits how much influence an attacker can have over the outcome.
  • A naive solution is to lock in the guess early and then perform the validation 4 epochs (more than 128 blocks) later. However, this is still manipulable by a censorship attack: withhold the validation transaction until the prevrandao opcode returns a favorable value. To fix this, require that the validation transaction happens in a specific, predetermined future block.
  • Overall, an interesting article on Ethereum randomness. It is still not secure enough for a lottery, but it does its job for simple on-chain things, like ordering validators.
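As an added illustration of the commit-then-settle pattern from the notes above (my own sketch, not code from the article or from Markus): a hypothetical Solidity coin flip that keeps the naive same-block read beside the hardened version, which commits the guess, settles only in a pre-chosen block 4 epochs later, and refunds if that exact block is missed. The contract name, the DELAY constant and the refund path are my assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18; // block.prevrandao is available from 0.8.18

// Hypothetical coin-flip contract illustrating the commit / fixed-block pattern.
// Not the article's code. Assumes post-Merge Ethereum (EIP-4399).
contract PrevrandaoFlip {
    // 4 epochs of 32 slots each, the delay the notes above recommend.
    uint256 public constant DELAY = 4 * 32;

    struct Round { address player; uint256 stake; bool guess; uint256 settleBlock; bool done; }
    mapping(uint256 => Round) public rounds;
    uint256 public nextId;
    event Settled(uint256 indexed id, bool won);

    receive() external payable {} // bankroll for payouts

    // NAIVE: guess and randomness in the same transaction. Whoever builds the
    // block already knows block.prevrandao, so the call can simply be held
    // back until the value suits them.
    function naiveFlip(bool guess) external view returns (bool) {
        return ((block.prevrandao & 1) == 1) == guess;
    }

    // Step 1: lock in the guess now; randomness is sampled DELAY blocks later.
    function commit(bool guess) external payable returns (uint256 id) {
        require(msg.value > 0, "stake required");
        id = nextId++;
        rounds[id] = Round(msg.sender, msg.value, guess, block.number + DELAY, false);
    }

    // Step 2: settle only in the pre-committed block. An exact match (not ">=")
    // removes the censorship lever of delaying the transaction until
    // block.prevrandao happens to be favourable.
    function settle(uint256 id) external {
        Round storage r = rounds[id];
        require(!r.done, "already settled");
        require(block.number == r.settleBlock, "must settle in the committed block");
        r.done = true;
        // Mix in the round id so several rounds settled in one block differ.
        uint256 rnd = uint256(keccak256(abi.encode(block.prevrandao, id)));
        bool won = ((rnd & 1) == 1) == r.guess;
        emit Settled(id, won);
        if (won) payable(r.player).transfer(2 * r.stake);
    }

    // If the exact block was missed, void the round and refund the stake rather
    // than read a later, choosable prevrandao.
    function voidRound(uint256 id) external {
        Round storage r = rounds[id];
        require(!r.done && block.number > r.settleBlock, "not voidable");
        r.done = true;
        payable(r.player).transfer(r.stake);
    }
}
```

Landing a transaction in one exact block is hard on mainnet, so in practice the void path will trigger often; that is the price of removing the attacker's choice of block, and a bot run by the operator can submit settle() at the target height.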